* where write_sddl_token() writes.
*/
bool ok;
+ bool first = true;
struct ace_condition_token token = {
.type = CONDITIONAL_ACE_TOKEN_COMPOSITE
};
* in this loop we are looking for:
*
* a) possible whitespace.
- * b) a literal
+ * b) a comma (or terminating '}')
* c) more possible whitespace
- * d) a comma (or terminating '}')
+ * d) a literal
*
* Failures use a goto to reset comp->target, just in case we ever try
* continuing after error.
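Review bot: The reordered list in this comment reads as if a comma precedes every literal, but the loop only checks for a comma once `first` is false, so the first element has none. I would word step b) as `b) a terminating '}', or (after the first element) a comma` so the comment matches the control flow. The comment block for the second loop, the one that terminates on ')', has the same gap. The comment's opening and closing lines are outside this hunk.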
if (! ok) {
goto fail;
}
+ c = comp->sddl[comp->offset];
+ if (c == '}') {
+ comp->offset++;
+ break;
+ }
+ if (!first) {
+ if (c != ',') {
+ comp_error(comp,
+ "malformed composite (expected comma)");
+ goto fail;
+ }
+ comp->offset++;
+
+ ok = eat_whitespace(comp, false);
+ if (! ok) {
+ goto fail;
+ }
+ }
+ first = false;
if (*comp->target_len >= alloc_size) {
comp_error(comp,
"Too many tokens in composite "
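Review bot: The read `c = comp->sddl[comp->offset];` at the top of the added block has no visible bound check. It depends on the preceding `eat_whitespace(comp, false)` failing at end of input, or on the string's terminator, and neither is shown in this hunk. The second `eat_whitespace()` after `comp->offset++` appears to restore the same guarantee before the literal is parsed. Because this parser may see SDDL from outside the process, I would state the invariant next to the read, for example `/* eat_whitespace(comp, false) fails at end of input, so offset is in range */`, once that is confirmed against its definition. The same read appears in the second loop. The enclosing loop and the declaration of `c` are outside this hunk.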
if (!ok) {
goto fail;
}
- ok = eat_whitespace(comp, false);
- if (! ok) {
- goto fail;
- }
- c = comp->sddl[comp->offset];
- if (c == '}') {
- comp->offset++;
- break;
- }
- if (c != ',') {
- comp_error(comp,
- "malformed composite (expected comma)");
- goto fail;
- }
- comp->offset++;
}
comp->target = old_target;
comp->target_len = old_target_len;
* - SIDs are not written with SID(...) around them.
*/
bool ok;
+ bool first = true;
struct ace_condition_token composite = {
.type = CONDITIONAL_ACE_TOKEN_COMPOSITE
};
* in this loop we are looking for:
*
* a) possible whitespace.
- * b) a literal, of the right type (checked after)
+ * b) a comma (or terminating ')')
* c) more possible whitespace
- * d) a comma
+ * d) a literal, of the right type (checked after)
*
* Failures use a goto to reset comp->target, just in case we ever try
* continuing after error.
if (! ok) {
goto fail;
}
+ c = comp->sddl[comp->offset];
+ if (c == ')') {
+ break;
+ }
+ if (!first) {
+ if (c != ',') {
+ comp_error(comp,
+ "malformed composite (expected comma)");
+ goto fail;
+ }
+ comp->offset++;
+
+ ok = eat_whitespace(comp, false);
+ if (! ok) {
+ goto fail;
+ }
+ }
+ first = false;
if (*comp->target_len >= alloc_size) {
comp_error(comp,
"Too many tokens in composite "
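Review bot: With `first` still true, `if (c == ')') { break; }` now leaves the loop before any literal has been parsed, so an empty list is accepted here. In the old ordering the literal was parsed before the terminator was looked at, so this loop appears to have needed at least one element. The loop comment says the literal type is "checked after", and that code is outside this hunk. It is worth confirming that it handles a composite with zero tokens, and that an empty list is meant to be valid in this syntax. If it is not, `if (first) { comp_error(comp, "empty list"); goto fail; }` ahead of the `break` would keep the old strictness; the message text there is only a suggestion. Unlike the '}' case, ')' is not consumed here, which matches the removed code.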
if (! ok) {
goto fail;
}
-
- ok = eat_whitespace(comp, false);
- if (! ok) {
- goto fail;
- }
- c = comp->sddl[comp->offset];
- if (c == ')') {
- break;
- }
- if (c != ',') {
- comp_error(comp,
- "malformed composite (expected comma)");
- goto fail;
- }
- comp->offset++;
}
comp->target = old_target;
comp->target_len = old_target_len;
"Device_Member_of{SID(BA), 7, 1, 3} "
"|| Exists hooly)"),
("(!(!(!(!(!((!(x==1))))))))"),
+ ("(@User.a == {})"),
+ ("(Member_of{})"),
("(Member_of {SID(S-1-33-5), "
"SID(BO)} && @Device.Bitlocker)"),
"(@USER.ad://ext/AuthenticationSilo == \"siloname\")",
("(@Device.%002e == 3)"),
("(@Device.%002f == 3)"),
("(@Device.%003a == 3)"),
+ /* trailing comma in composite */
+ "(Member_of{SID(AA),})",
+ /* missing comma between elements of a composite */
+ "(Member_of{SID(AA) SID(AC)})",
+ /* unexpected comma in composite */
+ "(Member_of{,})",
};
size_t i, length;
TALLOC_CTX *mem_ctx = talloc_new(NULL);
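Review bot: All three new negative strings exercise the `{...}` composite form; none of the cases added on this page reaches the second loop, the one terminated by ')', which received the same comma reordering. I would add the parallel inputs (trailing comma, missing comma, a lone comma, and an empty list) to whichever test drives that parser. That way a later change to one loop cannot quietly loosen what the other accepts. The array these strings belong to starts outside this hunk, so I cannot see which parser entry point they are fed to.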